[14590] in bugtraq
Re: Network Security and Privacy
daemon@ATHENA.MIT.EDU (Cold Fire)
Thu Apr 20 14:52:09 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000420125857.A9663@shady.org>
Date: Thu, 20 Apr 2000 12:58:57 +0100
Reply-To: Cold Fire <coldfire@CLOSED-NETWORKS.COM>
From: Cold Fire <coldfire@CLOSED-NETWORKS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSI.4.05L.10004190806160.20180-100000@west.philly.ghetto.org>; from javaman@GHETTO.ORG on Wed,
 Apr 19, 2000 at 08:08:39AM -0400
On Wed, Apr 19, 2000 at 08:08:39AM -0400, JavaMan wrote:
> This is not a new problem. This is a very old issue that has been
> ignored for too long. What is new, however, is the large number of users who
> are now on dialup access, and consequently, dialed into unsecured servers.
Much, if not all, of the same information can be gained with the use of
a much older tool, 'finger':

    finger -l @terminalserver.target.com

There are much more serious problems with having a guessable community
name than leaking a few lusers' account details.

Solution: disable fingerd on your terminal servers.
Steve
--
'Cold Fire, Britain's most notorious hacker' Observer, July 1997
'The most recent conviction was that of [Cold Fire] whose On-line
escapades spanned from hacking into educational sites to more
sinister activities such as tapping into industrial and United
States military sites.' DC Paul Cox, SO6 Scotland Yard CCU